5 matches found
CVE-2008-4157
CVE-2008-4157 documents an SQL injection in phpVID (Vastal I-Tech) groups.php via the cat parameter affecting PHPVID 1.1 and later 1.2.3. Connected records confirm related SQL injection issues in phpVID 1.2.3 via the n parameter (and note that the cat vector is already covered by CVE-2008-4157), ...
CVE-2013-5312
CVE-2013-5312 affects Vastal I-Tech phpVID 1.2.3 with multiple XSS vulnerabilities. The issue arises from user-supplied inputs in two pages: browse_videos.php (parameter n) and groups.php (parameter cat), enabling remote attackers to inject arbitrary web script or HTML. The connected documents co...
CVE-2013-5311
CVE-2013-5311: Affected software is Vastal I-Tech phpVID 1.2.3. The vulnerability is SQL injection via the n parameter in browse_videos.php and members.php (cat parameter noted as covered by CVE-2008-4157). Impact is remote SQL command execution as described in the public records. Connected docum...
CVE-2015-2563
CVE-2015-2563 describes an SQL injection in the Vastal I-Tech phpVID web app (versions 0.9.9 and 1.2.3) specifically in the groups.php script. The vulnerability is triggered via the order_by parameter, allowing remote attackers to execute arbitrary SQL commands. The note indicates the cat paramet...
CVE-2008-2335
The CVE-2008-2335 entry describes a cross-site scripting (XSS) vulnerability in Vastal I-Tech phpVID 1.1 and 1.2 (also reported for 1.2.3) where an attacker can inject arbitrary script/HTML via the query parameter in search_results.php. Affected software: phpVID 1.1, 1.2 (and 1.2.3 per notes). Th...